Glossary

Information Security

Information Security, also known as InfoSec or IS is a security discipline that ensures the protection, confidentiality, availability, and integrity of computer data. IS prevents the unauthorized use of data, specifically in regard to access, use, sharing, transmission, disclosure, disruption, modification, inspection, recording, or destruction.

InfoSec is primarily concerned with the data confidentiality, integrity, and availability — known as the CIA triad. It needs to achieve this while ensuring all security policies are followed, and that information security does not negatively impact on business processes and operations. The CIA triad includes:

Confidentiality — ensuring that sensitive data is only made available to users and systems that have a requirement to read, access, modify, or otherwise interact with the data, and putting security controls in place to prevent unauthorized access.

Integrity — ensuring that sensitive data cannot be added to, modified, deleted, or otherwise altered unless the user or system doing so has a valid reason, and putting security controls in place to prevent unauthorized modification.

Availability — ensuring that sensitive data is easy to access and manage for users and systems that dso have verified, authenticated access to that data, and putting security controls in place that balances confidentiality and integrity with access and ease of use.